Thursday, March 22, 2012

CIL 2012 Day 2 - IT Security for Libraries
My second session of the day was a presentation from Blake Carver, the owner and maintainer of LISHost, on good security practices. I listen regularly to Steve Gibson's Security Now! podcast, which is effectively an ongoing course in good security practice. I didn't really expect to learn a whole lot here, and I didn't. However, there were several things I did pick up which I think made it worth my while and that I think I'll be able to use in future presentations.

First, Blake used several quotes that were quite good and explain some computer security issues succinctly. Some examples are:
  • “Security is two different things: It's a feeling. It's a reality.” - meaning that you can feel secure and safe when you are not, and, once you've learned a lot about security problems and how to deal with them, you can feel quite at risk when in fact you are fairly well locked down and secure.
  • “Antivirus / a firewall is a seatbelt, not a force field” - meaning that these things help you out when something goes horribly wrong and can keep things from getting too bad, but they don't in themselves keep you secure.
  • “Carry a safe, not a suitcase.” - in reference to laptops and cell phones, meaning that the device should be configured in such a way that someone who picks it up without the proper credentials will have a very hard time using it, if they can use it at all.
Blake also provided some handy statistics that catch your eye:
  • 600,000 times a day someone tries to log in to a stolen Facebook account
  • A Verizon Data Breach Investigations Report in the Fall of 2011 found that of those hacked:
    • 83% were targets of opportunity (i.e. the attacker had not singled them out specifically)
    • 92% of the attacks were easy
    • 85% of the hacks were discovered by a third party (i.e. not by the organization that had been hacked)
    • 96% of the hacks were avoidable
And finally Blake provided some additional resources that I think I'll find useful:
  • Firefox Collusion – an add-on that lets you see who has been tracking your movements on the web and how those trackers are related to one another.
  • SANS 20 Critical Security Controls
  • Securing Library Technology: A How-To-Do-It Manual by Earp & Wright
